
Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns
Two new high-severity Kubernetes vulnerabilities leave all Windows endpoints on an unpatched cluster open to remote code execution (RCE) with system privileges.
Akamai has released a new report flagging the two Kubernetes vulnerabilities, and urged system administrators to take immediate steps to mitigate them.
The find was built on previous research into the Windows nodes vulnerability CVE-2023-3676, reported last July, according to the Akamai report. Subsequent analysis by Akamai found that once a cyber attacker exploits the Windows nodes flaw, they could pivot to take advantage of these additional command injection bugs, tracked as CVE-2023-3893 and CVE-2023-3955. Both follow-on flaws share the same root cause, according to the researchers: "insecure function call and lack of user input sanitization."
In order to exploit the two Kubernetes vulnerabilities, cyber attackers would simply need to inject a malicious YAML (YAML Ain't Markup Language) file into the cluster, the report added.
"CVE-2023-3676 requires low privileges and, therefore, sets a low bar for attackers: All they need to have is access to a node and apply privileges," the report said. "Successful exploitation of this vulnerability will lead to remote code execution on any Windows node on the machine with system privileges."
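The report's point is that the prerequisite is modest: a subject with "apply privileges" (the ability to create or modify pods) on a cluster that runs Windows nodes. The following audit helper is an added example written for this article; it is not code from Akamai or from the Kubernetes project. It parses `kubectl ... -o json`-style output for nodes and RBAC objects (all sample data here is constructed) and reports which subjects can create, update or patch pods and whether any Windows nodes (label `kubernetes.io/os: windows`) are present, so an administrator can see who could reach the exposed surface while patching is pending.

```python
"""Audit helper (added example, not from the Akamai report or the article):
given kubectl-style JSON for nodes and RBAC objects, list the subjects that
hold pod create/update/patch rights and whether the cluster has Windows nodes.
All sample data below is constructed for illustration."""
import json

# Constructed sample in the shape of `kubectl get nodes -o json` (abridged)
NODES_JSON = json.dumps({"items": [
    {"metadata": {"name": "win-node-1", "labels": {"kubernetes.io/os": "windows"}},
     "status": {"nodeInfo": {"kubeletVersion": "v1.27.0"}}},
    {"metadata": {"name": "linux-node-1", "labels": {"kubernetes.io/os": "linux"}},
     "status": {"nodeInfo": {"kubeletVersion": "v1.27.0"}}},
]})

# Constructed sample of Roles/ClusterRoles and their bindings (abridged)
ROLES_JSON = json.dumps({"items": [
    {"kind": "ClusterRole", "metadata": {"name": "pod-editor"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["create", "patch"]}]},
    {"kind": "Role", "metadata": {"name": "viewer", "namespace": "dev"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "admin-all"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
]})
BINDINGS_JSON = json.dumps({"items": [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-can-edit"},
     "roleRef": {"kind": "ClusterRole", "name": "pod-editor"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "build"}]},
    {"kind": "RoleBinding", "metadata": {"name": "dev-view", "namespace": "dev"},
     "roleRef": {"kind": "Role", "name": "viewer"},
     "subjects": [{"kind": "User", "name": "alice"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "admin-all"},
     "subjects": [{"kind": "Group", "name": "ops"}]},
]})

# Verbs that amount to "apply privileges" on pods; "*" covers everything
APPLY_VERBS = {"create", "update", "patch", "*"}


def windows_nodes(nodes_json):
    """Return names of nodes whose kubernetes.io/os label is 'windows'."""
    items = json.loads(nodes_json)["items"]
    return [n["metadata"]["name"] for n in items
            if n["metadata"].get("labels", {}).get("kubernetes.io/os") == "windows"]


def rule_grants_pod_apply(rule):
    """True if one RBAC rule lets its holder create/update/patch pods."""
    groups = rule.get("apiGroups", [])
    resources = rule.get("resources", [])
    verbs = set(rule.get("verbs", []))
    return (("" in groups or "*" in groups)
            and ("pods" in resources or "*" in resources)
            and bool(verbs & APPLY_VERBS))


def subjects_with_pod_apply(roles_json, bindings_json):
    """Map 'Kind/name' of each bound subject to the roles granting pod apply."""
    roles = json.loads(roles_json)["items"]
    bindings = json.loads(bindings_json)["items"]
    granting = {(r["kind"], r["metadata"]["name"])
                for r in roles
                if any(rule_grants_pod_apply(x) for x in r.get("rules", []))}
    result = {}
    for b in bindings:
        ref = (b["roleRef"]["kind"], b["roleRef"]["name"])
        if ref not in granting:
            continue  # binding to a role without pod apply rights
        for s in b.get("subjects", []):
            result.setdefault(f'{s["kind"]}/{s["name"]}', []).append(ref[1])
    return result


def report(nodes_json, roles_json, bindings_json):
    """Combine both checks: exposed when Windows nodes and pod-apply subjects coexist."""
    win = windows_nodes(nodes_json)
    subj = subjects_with_pod_apply(roles_json, bindings_json)
    return {"windows_nodes": win, "pod_apply_subjects": subj,
            "exposed": bool(win) and bool(subj)}


if __name__ == "__main__":
    print(json.dumps(report(NODES_JSON, ROLES_JSON, BINDINGS_JSON), indent=2))
```

On a real cluster the three JSON documents would come from `kubectl get nodes -o json`, `kubectl get roles,clusterroles -A -o json` and `kubectl get rolebindings,clusterrolebindings -A -o json`; the subjects the script lists are the ones whose access should be reviewed or narrowed until the cluster is patched.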